Dec 12, 2011

Verify Email with Telnet


Stolen from: http://www.webdigi.co.uk/

We have all been doing email address validation for a very long time to make sure that the email is correctly formatted. This is to avoid users entering wrongly formatted email address but still they can accidentally give us a wrong email address.

Example of a correctly formatted email address but still wrong:
mailbox.does.not.exist@reddit.com [VALID email format but it does not exist]

Above case specifically happens when you take important customer email on phone and you type in the wrong email. So is there a QUICK solution to really check the email without sending a test message to the user? Yes.

The solution
A quick & simple check below can be implemented in most programming language including PHP, Python etc. It relies on using the same SMTP which is used to send emails.
To check if user entered email mailbox.does.not.exist@reddit.com really exists go through the following in command prompt.

First - Find mail exchanger of reddit.com
COMMAND:
nslookup – q=mx reddit.com
RESPONSE:
reddit.com      MX preference = 10, mail exchanger = mail.reddit.com
mail.reddit.com internet address = 208.96.53.70

Second - Connect to mail server mail.reddit.com
COMMAND:
telnet mail.reddit.com 25
RESPONSE:
220 mail.reddit.com ESMTP Postfix NO UCE NO UEMA  C=US L=CA Unsolicated electronic mail advertisements strictly prohibited, subject to fine under CA law CBPC 17538.45.  This electronic mail service provider’s equipment is located in the State of California.  See http://www.reddit.com/static/inbound-email-policy.html for more information.
COMMAND:
helo hi
RESPONSE:
250 mail.reddit.com
COMMAND:
mail from: <youremail@gmail.com>
RESPONSE:
250 2.1.0 Ok
COMMAND:
rcpt to: <mailbox.does.not.exist@reddit.com>
RESPONSE:
550 5.1.1 <mailbox.does.not.exist@reddit.com>: Recipient address rejected: User unknown in local recipient table
COMMAND:
quit
RESPONSE:
221 2.0.0 Bye

NOTES:
1) the 550 response indicates that the email address is not valid and you have caught a valid but wrong email address. This code can be on the server and called on AJAX when user tabs out of the email field.  The entire check will take less than 2 seconds to run and you can make sure that the email is correct.
2) If email was present the server will respond with a 250 instead of 550
3) There are certain servers with a CATCH ALL email and this means all email address are accepted as valid on their servers (RARE but some servers do have this setting).
4) Please do not use this method to continuously to check for availability of gmail / yahoo / msn accounts etc as this may cause your IP to be added to a blacklist.
5) This is to supplement the standard email address javascript validation.

No comments: